From 114fad5eb09586b0ca259443d718579a8f4593c8 Mon Sep 17 00:00:00 2001
From: zryfish 
Date: Thu, 30 Jul 2020 17:45:29 +0800
Subject: [PATCH] sanitizer error message to avoid emitting xss error message (#2712)

Signed-off-by: Jeff 
---
 pkg/api/utils.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/api/utils.go b/pkg/api/utils.go
index 0028cdef8..0df90901c 100644
--- a/pkg/api/utils.go
+++ b/pkg/api/utils.go
@@ -21,35 +21,39 @@ import (
 	"k8s.io/klog"
 	"net/http"
 	"runtime"
+	"strings"
 )
 
+// Avoid emitting errors that look like valid HTML. Quotes are okay.
+var sanitizer = strings.NewReplacer(`&`, "&", `<`, "<", `>`, ">")
+
 func HandleInternalError(response *restful.Response, req *restful.Request, err error) {
 	_, fn, line, _ := runtime.Caller(1)
 	klog.Errorf("%s:%d %v", fn, line, err)
-	_ = response.WriteError(http.StatusInternalServerError, err)
+	http.Error(response, sanitizer.Replace(err.Error()), http.StatusInternalServerError)
 }
 
 // HandleBadRequest writes http.StatusBadRequest and log error
 func HandleBadRequest(response *restful.Response, req *restful.Request, err error) {
 	_, fn, line, _ := runtime.Caller(1)
 	klog.Errorf("%s:%d %v", fn, line, err)
-	_ = response.WriteError(http.StatusBadRequest, err)
+	http.Error(response, sanitizer.Replace(err.Error()), http.StatusBadRequest)
 }
 
 func HandleNotFound(response *restful.Response, req *restful.Request, err error) {
 	_, fn, line, _ := runtime.Caller(1)
 	klog.Errorf("%s:%d %v", fn, line, err)
-	_ = response.WriteError(http.StatusNotFound, err)
+	http.Error(response, sanitizer.Replace(err.Error()), http.StatusNotFound)
 }
 
 func HandleForbidden(response *restful.Response, req *restful.Request, err error) {
 	_, fn, line, _ := runtime.Caller(1)
 	klog.Errorf("%s:%d %v", fn, line, err)
-	_ = response.WriteError(http.StatusForbidden, err)
+	http.Error(response, sanitizer.Replace(err.Error()), http.StatusForbidden)
 }
 
 func HandleConflict(response *restful.Response, req *restful.Request, err error) {
 	_, fn, line, _ := runtime.Caller(1)
 	klog.Errorf("%s:%d %v", fn, line, err)
-	_ = response.WriteError(http.StatusConflict, err)
+	http.Error(response, sanitizer.Replace(err.Error()), http.StatusConflict)
 }
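Review bot: As rendered here the `var sanitizer` line maps `&`, `<` and `>` to themselves, which would make `sanitizer.Replace` a no-op in every handler below; this is presumably the page decoding the HTML entities, so confirm the committed line reads `var sanitizer = strings.NewReplacer("&", "&amp;", "<", "&lt;", ">", "&gt;")` before relying on it. The comment above it should also say why the switch to `http.Error` matters on its own: it sets `Content-Type: text/plain; charset=utf-8` and `X-Content-Type-Options: nosniff`, so a browser will not sniff the body as HTML, whereas the replaced `response.WriteError` path appears to have written the raw error text with no content type; the entity escaping is defence in depth, not the primary fix. Every handler, including HandleInternalError, still forwards `err.Error()` verbatim to the caller, so internal detail in 500 responses (paths, upstream error text) keeps reaching clients — log the full error as is done here, but consider returning a generic message for the 500 case. Note for API consumers that the escaping now alters text/plain bodies (an `&` in an error becomes `&amp;`), which is a visible behavior change worth a line in the PR description.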